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PROJECT GOALS 


• Examine Use And Implementation Of Ada On 
Distributed Systems 

• Programming Of Systems With “Fail- Stop” Components 

• Analyze Tolerance To Loss Of Processors 

• Propose Solutions To Language Inadequacies 

• Implement These Solutions 

• Perform Validation Experiments 

• Suggest Long-Term Changes To Ada 
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WHY Ada ON DISTRIBUTED SYSTEMS? 


• Ada Will Be Used Extensively In Embedded Systems 

• Embedded Systems Will Be Distributed 

• Many Applications Will Be Crucial 

— Spacecraft Systems 
— Aircraft Systems 
— Industrial Process Control 

• Distributed Systems Should Support Graceful Degradation 

— Partial Power Failure 
— Physical Damage 
— Component Failure 

• Ada Permits Distributed Targets Explicitly 
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Ada RENDEZVOUS 


Processor 1 Processor 2 


Task A 


Task B 



ACCEPT E DO 

B . E 

1 



END ACCEPT; 




Communications Network 


• Task A Suspended K Processor 2 Fails During ACCEPT 
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Ada DIFFICULTIES 


• Language Elements That Cause Difficulty: 

— All Forms Of Rendezvous 

— Shared Variables 

— Task Elaboration And Termination 

— Loss Of Context 

— Distribution Control 

— Processor Loss - Detection And Signaling 

• Complete Lack Of Distribution Semantics 

• Complete Lack Of Failure Semantics 
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SOLUTIONS 


• Short Term: 

— Define Simple Distribution Semantics 

• What Can Be Distributed 

• Where It Can Be Distributed 

• Control Of This Distribution 

• Necessary Restrictions On Program 
Structure 

— Define Failure Semantics As Equivalent To 
“ABORT” 


Long Term: 

— Complete Redefinition Of Tasking Semantics 

— Partial Replacement Of Tasking Syntax 

— Language Support For Distributed Systems 
Using Fail- Stop Components 
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STATUS OF SOLUTIONS 


• Language Review Complete 

• Short Term Solution: 

— Distribution Semantics Complete 

— Failure Semantics Complete 

— Implementation Design Complete 

— Implementation Complete And Under Test 

— Realistic NASA Application Required For 
Evaluation Of All The Ideas 

• Long Term: 

— Several Proposals Being Examined 
— Radical Changes To Ada Required 
— U.Va’s Ada-2 Design Expected Soon 
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OTHER ISSUES IN DISTRIBUTED SYSTEMS 


• Concurrency Implies Nondeterminism 

• Difficulties With “What K” Questions Of Language 
Semantics 

• Difficulties With “What If” Questions Of Fault-Tolerance 
Strategy 

• Require “Complete” Demonstration Of Fault Tolerance 

• Systematic, Repeatable Experiments 
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TESTBED REQUIREMENTS 


• Model Arbitrary Physical Architectures 

• Represent Any Logical Organization 

• Provide Parallel Execution (The Illusion At Least) 

• Control Interprocessor Communication 

• Control Process Execution 

• Fail And Restart Processors At Well-Defined Points 

• Maintain Time Correctly 

• Provide Monitoring Facilities 
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VIRTUAL PROCESSORS 


• Key Component Of The Testbed 

• LiteraUy Ada “Virtual Machines” 

• One Virtual Processor For Each Ada Task In A Program 

• Designed To “Implement” Ada Tasking And Exception 
Handling 

• Several Different “Memories” - Whatever Is Convenient 

• “Hardware” Implemented Entry Queues 

• “Rendezvous” And Similar Instructions 


• Implemented By Simulation 
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ABSTRACT PROCESSORS 


Correspond To “Real” Equipment Required By 
Experimenter 


Each Abstract Processor Implements Any Number Of 
Virtual Processors 


Abstract Processors Are “Ideal” Also - E.G. Suspended, 
Failed, Etc 


Abstract Processors Communicate Via An Abstract 
Communications System 


Testbed Supports An Arbitrary Number Of Abstract 
Processors 
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EXPERIMENTAL STRUCTURE 



Abstract Communications Network 


• View Seen By Experimenter 


• AP’s Represent Ultimate Target He Has In Mind 
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PHYSICAL PROCESSORS 


• Correspond To “Actual” Equipment Available To 
Experimenter 

• Each Physical Processor Implements Any Number Of 
Abstract Processors 

• Physical Processors Are “Real” 

• Physical Processors Communicate Via A “Real” 
Communications System 

• Single Abstract Processor Can Run On Each Physical 
Processor 
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CONTROLLER 


Start, Stop, Single-Step Ada Tasks 


Control Communication At The Message Level 


Manage Breakpoints On A Per-Task Basis 


Arrange Failure Of Abstract Processors 


CoUect And Display Information For Experimenter 
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TESTBED CONTROL 


Physical Processor 


Physical Processor 
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CONCLUSIONS 


• ANSI Ada Does Not Support Processor Failures Well 

• ANSI Ada Can Cope Given: 

— Minor Semantic Enhancements 
— No Syntax Changes 

— Major Additions To Execution-Time System 


• Demonstration Implementation Being Developed At The 
University Of Virginia 

— A Feasibility Study 

— Not Suitable For Production Use 

• Realistic Application Needed For Evaluation Purposes 

• Ideal Solution Requires Extensive Language Changes 
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